authorPablo Neira Ayuso <pablo@netfilter.org>2011-02-18 12:15:52 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2011-02-18 12:15:52 +0100
commit4dd7a3c15830aa21548716798171e67cb14bca49 (patch)
tree0b347c499aa2adcf7367061d09cf0e70399a4464 /src
parent3bb13acbff0983960e06eb33e0daa98c3dab472c (diff)
conntrackd: remove use of deprecated nfct_maxsize()
This patch removes the use of nfct_maxsize() and several abusive stack-based allocations.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/netlink.c17
-rw-r--r--src/sync-mode.c10
2 files changed, 16 insertions, 11 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 1810f4a..60274f3 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -164,20 +164,21 @@ int nl_send_resync(struct nfct_handle *h)
/* if the handle has no callback, check for existence, otherwise, update */
int nl_get_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct)
{
- int ret;
- char __tmp[nfct_maxsize()];
- struct nf_conntrack *tmp = (struct nf_conntrack *) (void *)__tmp;
+ int ret = 1;
+ struct nf_conntrack *tmp;
- memset(__tmp, 0, sizeof(__tmp));
+ tmp = nfct_new();
+ if (tmp == NULL)
+ return -1;
/* use the original tuple to check if it is there */
nfct_copy(tmp, ct, NFCT_CP_ORIG);
- ret = nfct_query(h, NFCT_Q_GET, tmp);
- if (ret == -1)
- return errno == ENOENT ? 0 : -1;
+ if (nfct_query(h, NFCT_Q_GET, tmp) == -1)
+ ret = (errno == ENOENT) ? 0 : -1;
- return 1;
+ nfct_destroy(tmp);
+ return ret;
}
int nl_create_conntrack(struct nfct_handle *h,
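Review bot: The error value computed at `ret = (errno == ENOENT) ? 0 : -1;` is now returned only after `nfct_destroy(tmp)` runs, so errno at the point of return is no longer guaranteed to be the value nfct_query() set — free() is permitted to modify errno. The old code returned immediately after the failed query, so a caller that reads errno after a -1 from nl_get_conntrack (none are visible in this diff, so this is inferred) would have seen the query's errno and may now see something else. If that matters, preserve it around the destroy: `int saved_errno = errno; nfct_destroy(tmp); errno = saved_errno;`. nl_get_conntrack is complete within the hunk.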
diff --git a/src/sync-mode.c b/src/sync-mode.c
index 4b48449..5351110 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -43,8 +43,7 @@
static void
do_channel_handler_step(int i, struct nethdr *net, size_t remain)
{
- char __ct[nfct_maxsize()];
- struct nf_conntrack *ct = (struct nf_conntrack *)(void*) __ct;
+ struct nf_conntrack *ct;
if (net->version != CONNTRACKD_PROTOCOL_VERSION) {
STATE_SYNC(error).msg_rcv_malformed++;
@@ -74,11 +73,15 @@ do_channel_handler_step(int i, struct nethdr *net, size_t remain)
STATE_SYNC(error).msg_rcv_bad_type++;
return;
}
- memset(ct, 0, sizeof(__ct));
+ /* TODO: add stats on ENOMEM errors in the future. */
+ ct = nfct_new();
+ if (ct == NULL)
+ return;
if (parse_payload(ct, net, remain) == -1) {
STATE_SYNC(error).msg_rcv_malformed++;
STATE_SYNC(error).msg_rcv_bad_payload++;
+ nfct_destroy(ct);
return;
}
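Review bot: The object allocated at `ct = nfct_new();` is released on the parse_payload failure path here and at the end of the function in the hunk at `@@ -97,6 +100,7 @@`, but the switch body between those two hunks is not visible in this diff; any `return` inside one of its cases would now leak `ct`, where the previous stack buffer leaked nothing. Worth confirming that every case reaches the `break` before the trailing `nfct_destroy(ct);`, or moving the destroy into a single exit label the cases jump to. A short comment at the allocation would help future edits, e.g. `/* ct is heap-allocated; every exit path below must nfct_destroy() it */`. do_channel_handler_step starts before this hunk and ends in the next one.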
@@ -97,6 +100,7 @@ do_channel_handler_step(int i, struct nethdr *net, size_t remain)
STATE_SYNC(error).msg_rcv_bad_type++;
break;
}
+ nfct_destroy(ct);
}
static char __net[65536]; /* XXX: maximum MTU for IPv4 */